CN104243451A - Information interaction method and system and smart key equipment - Google Patents

Abstract

The invention provides an information interaction method and system and smart key equipment. The information interaction method comprises the steps that a terminal generates and displays transaction order data and generates and issues a transaction request; a server receives the transaction request and generates transaction data; the server and the smart key equipment conduct session key negotiation operation, and a first session key and a second session key are generated respectively; the server uses the first session key to encrypt the transaction data, generates the encrypted transaction data and sends the encrypted transaction data to the terminal; the terminal receives the encrypted transaction data and sends the encrypted transaction data to the smart key equipment; the smart key equipment uses the second session key for decryption to obtain the transaction data, processes the transaction data, obtains second transaction key information and sends the second transaction key information to the terminal; the terminal displays the second transaction key information, generates a confirmation information after obtaining confirmation instruction and sends the confirmation information to the smart key equipment; the smart key equipment sends encrypted signature data to the terminal, and the terminals receives the encrypted signature data and sends the encrypted signature data to the server; the server uses the first session key to decrypt the encrypted signature data, obtains the signature data and conducts attestation operation.

Description

A kind of information interacting method, system and intelligent cipher key equipment

Technical field

The present invention relates to a kind of electronic technology field, particularly relate to a kind of information interacting method, system and intelligent cipher key equipment.

Background technology

In recent years, the fast development of adjoint the Internet and finance informationalizing, while Web bank obtains rapidly generally praising highly of user and bank's industry with its advantage such as convenient, efficient, transaction security problem also becomes increasingly conspicuous, therefore, the preferred mode of Transaction Safety is use electronic key equipment while use Web bank, at present, electronic key equipment can be intelligent cipher key equipment, as USB-KEY, audio frequency KEY or bluetooth KEY etc., also can be smart card, as IC-card etc.

From technical standpoint, intelligent cipher key equipment is for signing electronically and the instrument of data authentication, its built-in miniature safety chip, adopts key algorithm to be encrypted transaction data, to decipher and digital signature, guarantees the confidentiality of online transaction, authenticity, integrality and non-repudiation.In intelligent cipher key equipment, the private key generated by asymmetric key algorithm is stored in safety chip, this private key has the characteristic that cannot derive, uniqueness and the fail safe of private key are ensured, based on the PKI that same algorithm generates, be then stored in bank server, carry out sign test operation in order to the transaction data of signing to intelligent cipher key equipment, sign test by then meaning that transaction data is authentic and valid, and then completes transaction.

In order to ensure that the transaction data that user uses electronic key instrument to sign is real without the data of distorting further, existing intelligent cipher key equipment generally can arrange display screen and acknowledgement key further, transaction data is shown by display screen, user reads transaction data, after thinking that transaction data is truly errorless, can press acknowledgement key, indicating intelligent key devices carries out signature operation to this Transaction Information.But now, along with user is to the raising day by day of the attention degree of transaction security, the transaction using intelligent cipher key equipment is needed to get more and more, the portability of intelligent cipher key equipment and the requirement of property easy to use are also improved thereupon, the factor affecting the portability of intelligent cipher key equipment is the volume of this equipment, the principal element affecting the volume of intelligent cipher key equipment is display screen and acknowledgement key, and the factor affecting the property easy to use of intelligent cipher key equipment needs to carry out dual operation in terminal and intelligent cipher key equipment for completing once transaction.If remove display screen and acknowledgement key, effectively can reduce the volume of intelligent cipher key equipment, but intelligent cipher key equipment cannot show transaction data, terminal obtains transaction data plaintext and shows, if terminal is by assault or distorted transaction data by virus infections, then user cannot know that transaction data is tampered, also real transaction data cannot be obtained, when user carries out confirmation operation based on the transaction data after being tampered of terminal demonstration, intelligent cipher key equipment is in fact the signature carried out illegal transaction data, causes the loss of user's property.Therefore, how to provide a kind of method or system, in process of exchange, terminal cannot be distorted transaction data, Transaction Safety, simplifying the operating process of user in transaction simultaneously and reduce the volume of intelligent cipher key equipment, is this area technical problem urgently to be resolved hurrily.

Summary of the invention

The present invention is intended to one of solve the problem.

Main purpose of the present invention is to provide a kind of information interacting method, it is characterized in that:

Terminal generates and shows trading order form data, and according to described trading order form data genaration transaction request and outgoing, described trading order form data comprise the first transaction key message;

Server receives described transaction request, and generates transaction data according to described transaction request;

Described server and the intelligent cipher key equipment key agreement that conversates operates, if success, then generate the first session key, described intelligent cipher key equipment generates the second session key, and described first session key and described second session key are double secret key;

Transaction data described in first session key described in described server by utilizing, generates encrypting transactions data, described encrypting transactions data is sent to described terminal;

Described terminal receives described encrypting transactions data, and described encrypting transactions data is sent to described intelligent cipher key equipment;

Described intelligent cipher key equipment receives described encrypting transactions data, and utilize described second session key to be decrypted operation to described encrypting transactions data, obtain described transaction data, process described transaction data and obtain the second transaction key message, and described transaction key message is sent to described terminal;

Described terminal receives and shows described second transaction key message, second transaction key message and described first described in acquisition user comparison is concluded the business after the consistent confirmation instruction triggered afterwards of key message, generate confirmation, and described confirmation is sent to described intelligent cipher key equipment;

After described intelligent cipher key equipment receives described confirmation, ciphering signature data are sent to described terminal, wherein, described ciphering signature data are that intelligent cipher key equipment utilizes described second session key signed data to obtain, and described signed data is that described intelligent cipher key equipment is signed to described transaction data and obtained;

Described terminal receives described ciphering signature data, and described ciphering signature data are sent to described server;

Described server receives described ciphering signature data, utilizes described first session key to decipher described ciphering signature data, obtains described signed data, and carry out sign test operation to described signed data, if sign test success, then described server carries out transactional operation.

In addition, receive described transaction request at described server, and after generating transaction data according to described transaction request, described server and intelligent cipher key equipment conversate before key agreement operates, and also comprise:

Described terminal receives the transaction information that described server sends, and display input password prompt information, receives password and described password is sent to described intelligent cipher key equipment;

Described intelligent cipher key equipment receives described password and verifies that described password is whether correct, if correctly, then described intelligent cipher key equipment and the described server key agreement that conversates operates.

In addition, described terminal is according to described trading order form data genaration transaction request and outgoing, and described server receives described transaction request, comprising:

Described transaction request is sent to ecommerce backstage by described terminal;

Described ecommerce backstage receives described transaction request, and described transaction request is sent to described server;

Described server receives described transaction request.

In addition, described terminal is according to described trading order form data genaration transaction request and outgoing, and described server receives described transaction request, comprising:

Described transaction request is sent to described server by described terminal;

Described server receives described transaction request.

In addition, described server and the intelligent cipher key equipment key agreement that conversates operates, and comprising:

Described intelligent cipher key equipment generates the first random number, and described first random number and preset algorithm identification information are sent to described terminal;

Described terminal receives described first random number and described first preset algorithm identification information, and described first random number and described first preset algorithm identification information are sent to described server;

Described server receives described first random number and described first preset algorithm identification information, according to described first preset algorithm identification information judgment, whether server supports first preset algorithm corresponding with described first preset algorithm identification information, if, then described server generates the second random number, and described second random number and server certificate are sent to described terminal;

Described terminal receives described second random number and described server certificate, and described second random number and described server certificate are sent to described intelligent cipher key equipment;

Described intelligent cipher key equipment receives described second random number and described server certificate, verify described server certificate, if by checking, then generate the 3rd random number, extract the server public key in described server certificate, and utilize described server public key according to described 3rd generating random number first enciphered message of described first preset algorithm encryption, utilize described intelligent cipher key equipment private key to carry out signature to described first random number and described second random number and obtain the first signed data, and by described intelligent cipher key equipment certificate, described first enciphered message and described first signed data are sent to described terminal,

Described terminal receives described intelligent cipher key equipment certificate, described first enciphered message and described first signed data, and described intelligent cipher key equipment certificate, described first enciphered message and described first signed data are sent to described server;

Described server receives described intelligent cipher key equipment certificate, described first enciphered message and described first signed data, verify described intelligent cipher key equipment certificate, if be proved to be successful, then extract the intelligent cipher key equipment PKI in described intelligent cipher key equipment certificate, described intelligent cipher key equipment PKI is utilized to carry out sign test operation to described first signed data, after sign test success, described privacy key is utilized to obtain described 3rd random number according to described first enciphered message of described first preset algorithm deciphering, generate the first handshaking information, and described first handshaking information is sent to described terminal,

Described terminal receives described first handshaking information, and described first handshaking information is sent to described intelligent cipher key equipment;

Described intelligent cipher key equipment receives described first handshaking information, verification operation is carried out to described first handshaking information, be proved to be successful rear generation second handshaking information, described second handshaking information is sent to described terminal, and according to the second preset algorithm, computing is carried out to described first random number, described second random number and described 3rd random number and generate described second session key;

Described terminal receives described second handshaking information, and described second handshaking information is sent to described server;

Described server receives described second handshaking information, verification operation is carried out to described second handshaking information, after being proved to be successful, according to described second preset algorithm, computing being carried out to described first random number, described second random number and described 3rd random number and generate described first session key.

The present invention also provides a kind of information interaction system on the other hand, it is characterized in that, comprises intelligent cipher key equipment, terminal and server,

Described intelligent cipher key equipment, for operating with the described server key agreement that conversates, if success, then generate the second session key, the encrypting transactions data that receiving terminal sends, and utilize described second session key to be decrypted operation to described encrypting transactions data, obtain described transaction data, process described transaction data and obtain the second transaction key message, and described second transaction key message is sent to described terminal, after receiving the confirmation of described terminal transmission, ciphering signature data are sent to described terminal, wherein, described ciphering signature data are that intelligent cipher key equipment utilizes described second session key signed data to obtain, described signed data is that described intelligent cipher key equipment is signed to described transaction data and obtained,

Described terminal, for generating and showing trading order form data, according to described trading order form data genaration transaction request and outgoing, described trading order form data comprise the first transaction key message, receive the encrypting transactions data that described server sends, described encrypting transactions data is sent to described intelligent cipher key equipment, receive and show described second transaction key message, second transaction key message and described first described in acquisition user comparison is concluded the business after the consistent confirmation instruction triggered afterwards of key message, generate described confirmation, and described confirmation is sent to described intelligent cipher key equipment, receive described ciphering signature data, and described ciphering signature data are sent to described server,

Described server, for receiving described transaction request, and generate transaction data according to described transaction request, operate with the described intelligent cipher key equipment key agreement that conversates, if success, then generate the first session key, utilize described first session key transaction data, generate encrypting transactions data, described encrypting transactions data is sent to terminal, receive described ciphering signature data, described first session key is utilized to decipher described ciphering signature data, obtain described signed data, and sign test operation is carried out to described signed data, if sign test success, then carry out transactional operation.

In addition, described terminal, also for receiving the transaction information that described server sends, display input password prompt information, receives password and described password is sent to described intelligent cipher key equipment;

Described intelligent cipher key equipment, also for receiving described password and verifying that whether described password is correct, if correctly, then the key agreement that conversates with described server operates.

In addition, ecommerce backstage is also comprised,

Described terminal, also for described transaction request is sent to described ecommerce backstage;

Described ecommerce backstage, for receiving described transaction request, and is sent to described server by described transaction request;

Described server, also for receiving described transaction request.

In addition, described terminal, also for described transaction request is sent to described server;

Described server, also for receiving described transaction request.

In addition, described intelligent cipher key equipment, also for, generate the first random number, and described first random number and preset algorithm identification information are sent to described terminal, receive described second random number and described server certificate, verify described server certificate, if by checking, then generate the 3rd random number, extract the server public key in described server certificate, and utilize described server public key according to described 3rd generating random number first enciphered message of described first preset algorithm encryption, utilize described intelligent cipher key equipment private key to carry out signature to described first random number and described second random number and obtain the first signed data, and by described intelligent cipher key equipment certificate, described first enciphered message and described first signed data are sent to described terminal, receive described first handshaking information, verification operation is carried out to described first handshaking information, be proved to be successful rear generation second handshaking information, described second handshaking information is sent to described terminal, and according to the second preset algorithm to described first random number, described second random number and described 3rd random number are carried out computing and are generated described second session key,

Described terminal, also for, receive described first random number and described first preset algorithm identification information, and described first random number and described first preset algorithm identification information are sent to described server, receive described second random number and described server certificate, and described second random number and described server certificate are sent to described intelligent cipher key equipment, receive described intelligent cipher key equipment certificate, described first enciphered message and described first signed data, and by described intelligent cipher key equipment certificate, described first enciphered message and described first signed data are sent to described server, receive described first handshaking information, and described first handshaking information is sent to described intelligent cipher key equipment, receive described second handshaking information, and described second handshaking information is sent to described server,

Described server, also for, receive described first random number and described first preset algorithm identification information, according to described first preset algorithm identification information judgment, whether server supports first preset algorithm corresponding with described first preset algorithm identification information, if, then described server generates the second random number, and described second random number and server certificate are sent to described terminal, receive described intelligent cipher key equipment certificate, described first enciphered message and described first signed data, verify described intelligent cipher key equipment certificate, if be proved to be successful, then extract the intelligent cipher key equipment PKI in described intelligent cipher key equipment certificate, described intelligent cipher key equipment PKI is utilized to carry out sign test operation to described first signed data, after sign test success, described privacy key is utilized to obtain described 3rd random number according to described first enciphered message of described first preset algorithm deciphering, generate the first handshaking information, and described first handshaking information is sent to described terminal, receive described second handshaking information, verification operation is carried out to described second handshaking information, after being proved to be successful, according to described second preset algorithm to described first random number, described second random number and described 3rd random number are carried out computing and are generated described first session key.

The present invention reoffers a kind of intelligent cipher key equipment, it is characterized in that, this equipment at least comprises the second session secret key generating module, the first receiver module, parsing module, the first sending module, the second receiver module and security module, wherein,

Described first receiver module, for receiving encrypting transactions data, is sent to described security module;

Described second session secret key generating module, for generating the second session key, is sent to described security module by described second session key;

Described security module, for receiving described encrypting transactions data and described second session key, described second session key is utilized to decipher described encrypting transactions data, obtain transaction data, described transaction data is sent to described parsing module, receive described confirmation, ciphering signature data are sent to the second sending module, wherein, described ciphering signature data are that described security module utilizes described second session key signed data to obtain, and described signed data is that described security module is signed to described transaction data and obtained;

Described parsing module, for resolving described transaction data, obtaining the second transaction critical data and being sent to described first sending module;

Described first sending module, for receiving described second transaction critical data and outgoing;

Described second receiver module, is sent to described security module for confirmation of receipt information;

Described second sending module, for receiving described ciphering signature data and outgoing.

As seen from the above technical solution provided by the invention, a kind of information interacting method provided by the invention and system, session key transaction data and intelligent cipher key equipment is used to use session key signed data by server, ensure that transaction data and signed data can only be obtained by server and intelligent cipher key equipment, terminal only can transmit encrypting transactions data and ciphering signature data, cannot distort transaction data and signed data, ensure transaction security, in transaction flow, also transaction only need be confirmed in terminal, without the need to carrying out secondary-confirmation on intelligent cipher key equipment, improve the convenience of transaction flow, intelligent cipher key equipment in this method and system is without the need to arranging display screen and acknowledgement key, improve the portability of intelligent cipher key equipment.Intelligent cipher key equipment provided by the invention can use session key enabling decryption of encrypted transaction data, obtain transaction data, and transaction critical data is sent to terminal, to be concluded the business critical data by terminal demonstration, when user uses this intelligent cipher key equipment to participate in online transaction, only need at the enterprising line operate of terminal, improve the convenience of transaction, and this intelligent cipher key equipment is without the need to arranging keyboard and display, reduces the volume of intelligent cipher key equipment, improves the portability of equipment.

Accompanying drawing explanation

In order to be illustrated more clearly in the technical scheme of the embodiment of the present invention, below the accompanying drawing used required in describing embodiment is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawings can also be obtained according to these accompanying drawings.

The flow chart of the information interacting method that Fig. 1 provides for the embodiment of the present invention 1;

The structural representation of the information interaction system that Fig. 2 provides for the embodiment of the present invention 2;

The intelligent cipher key equipment structural representation that Fig. 3 provides for the embodiment of the present invention 3.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on embodiments of the invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to protection scope of the present invention.

In describing the invention, it will be appreciated that, term " " center ", " longitudinal direction ", " transverse direction ", " on ", D score, " front ", " afterwards ", " left side ", " right side ", " vertically ", " level ", " top ", " end ", " interior ", orientation or the position relationship of the instruction such as " outward " are based on orientation shown in the drawings or position relationship, only the present invention for convenience of description and simplified characterization, instead of indicate or imply that the device of indication or element must have specific orientation, with specific azimuth configuration and operation, therefore limitation of the present invention can not be interpreted as.In addition, term " first ", " second " only for describing object, and can not be interpreted as instruction or hint relative importance or quantity or position.

In describing the invention, it should be noted that, unless otherwise clearly defined and limited, term " installation ", " being connected ", " connection " should be interpreted broadly, and such as, can be fixedly connected with, also can be removably connect, or connect integratedly; Can be mechanical connection, also can be electrical connection; Can be directly be connected, also indirectly can be connected by intermediary, can be the connection of two element internals.For the ordinary skill in the art, concrete condition above-mentioned term concrete meaning in the present invention can be understood.

Below in conjunction with accompanying drawing, the embodiment of the present invention is described in further detail.

Embodiment 1

In the present embodiment, intelligent cipher key equipment can be USB-KEY, audio frequency KEY, bluetooth KEY or the smart card with signature function etc.Terminal can be mobile phone or PC etc. can with the equipment of server communication.Server can be bank's background server.The connection of intelligent cipher key equipment and terminal can be contact (as connected by audio interface, USB interface connects or DOCK interface connects) also can be contactless (as connected by the mode of infrared, bluetooth, WIFI or NFC), and the information interaction of terminal and server can pass through wired mode also can be to wirelessly.

Fig. 1 is the schematic flow sheet of the embodiment of a kind of information interacting method provided by the invention.Embodiment of the method shown in Fig. 1, comprises the following steps:

Step S101, terminal generates and shows trading order form data, and according to described trading order form data genaration transaction request and outgoing, described trading order form data comprise the first transaction key message;

In this step, the first transaction key message can be the contents such as dealing money, collecting account and/or transaction bank.

Further, an embodiment of this step is that described transaction request is sent to ecommerce backstage by described terminal; Described ecommerce backstage can receive described transaction request, and described transaction request is sent to described server.In the present embodiment, ecommerce backstage also after receiving transaction request, can process transaction request and is sent to server.

Further, another embodiment of this step is that described transaction request is sent to described server by described terminal.

Step S102, server receives described transaction request, and generates transaction data according to described transaction request;

Step S103, described server and the intelligent cipher key equipment key agreement that conversates operates, if success, then generate the first session key, described intelligent cipher key equipment generates the second session key, and described first session key and described second session key are double secret key;

Further, an embodiment of this step is that described intelligent cipher key equipment generates the first random number, and described first random number and preset algorithm identification information are sent to described terminal, described terminal receives described first random number and described first preset algorithm identification information, and described first random number and described first preset algorithm identification information are sent to described server, described server receives described first random number and described first preset algorithm identification information, according to described first preset algorithm identification information judgment, whether server supports first preset algorithm corresponding with described first preset algorithm identification information, if, then described server generates the second random number, and described second random number and server certificate are sent to described terminal, described terminal receives described second random number and described server certificate, and described second random number and described server certificate are sent to described intelligent cipher key equipment, described intelligent cipher key equipment receives described second random number and described server certificate, verify described server certificate, if by checking, then generate the 3rd random number, extract the server public key in described server certificate, and utilize described server public key according to described 3rd generating random number first enciphered message of described first preset algorithm encryption, utilize described intelligent cipher key equipment private key to carry out signature to described first random number and described second random number and obtain the first signed data, and by described intelligent cipher key equipment certificate, described first enciphered message and described first signed data are sent to described terminal, described terminal receives described intelligent cipher key equipment certificate, described first enciphered message and described first signed data, and described intelligent cipher key equipment certificate, described first enciphered message and described first signed data are sent to described server, described server receives described intelligent cipher key equipment certificate, described first enciphered message and described first signed data, verify described intelligent cipher key equipment certificate, if be proved to be successful, then extract the intelligent cipher key equipment PKI in described intelligent cipher key equipment certificate, described intelligent cipher key equipment PKI is utilized to carry out sign test operation to described first signed data, after sign test success, described privacy key is utilized to obtain described 3rd random number according to described first enciphered message of described first preset algorithm deciphering, generate the first handshaking information, and described first handshaking information is sent to described terminal, described terminal receives described first handshaking information, and described first handshaking information is sent to described intelligent cipher key equipment, described intelligent cipher key equipment receives described first handshaking information, verification operation is carried out to described first handshaking information, be proved to be successful rear generation second handshaking information, described second handshaking information is sent to described terminal, and according to the second preset algorithm, computing is carried out to described first random number, described second random number and described 3rd random number and generate described second session key, described terminal receives described second handshaking information, and described second handshaking information is sent to described server, described server receives described second handshaking information, verification operation is carried out to described second handshaking information, after being proved to be successful, according to described second preset algorithm, computing being carried out to described first random number, described second random number and described 3rd random number and generate described first session key.

In this step, server and the intelligent cipher key equipment key agreement that conversates operates, session key transaction data and intelligent cipher key equipment is used to use session key signed data by server, ensure that transaction data and signed data can only be obtained by server and intelligent cipher key equipment, terminal only can transmit encrypting transactions data and ciphering signature data, transaction data and signed data cannot be obtained, namely cannot distort transaction data and signed data, ensure transaction security.

Further, before this step, also comprise: described terminal receives the transaction information that described server sends, display input password prompt information, receives password and described password is sent to described intelligent cipher key equipment; Described intelligent cipher key equipment receives described password and verifies that described password is whether correct, if correctly, then described intelligent cipher key equipment and the described server key agreement that conversates operates.

Step S104, transaction data described in the first session key described in described server by utilizing, generates encrypting transactions data, described encrypting transactions data is sent to described terminal;

In this step, transaction data can be the information comprising the contents such as user profile, spending amount and/or transaction bank title that server sends.

Step S105, described terminal receives described encrypting transactions data, and described encrypting transactions data is sent to described intelligent cipher key equipment;

In this step, terminal cannot do any process to encrypting transactions data owing to cannot know the decruption key of encrypting transactions data, directly intelligent cipher key equipment is sent it to after receiving encrypting transactions data, can ensure that the virus that encrypting transactions data may cannot be existed by terminal or trojan horse program infect or distort, and then ensured the safety of encrypting transactions data, improve the fail safe of transaction.

Step S106, described intelligent cipher key equipment receives described encrypting transactions data, and utilize described second session key to be decrypted operation to described encrypting transactions data, obtain described transaction data, process described transaction data and obtain the second transaction key message, and described transaction key message is sent to described terminal;

In this step, the second transaction key message can be the information such as dealing money, collecting account and/or transaction bank.

Step S107, described terminal receives and shows described second transaction key message, after the second transaction key message and described first concludes the business the consistent confirmation instruction triggered afterwards of key message described in acquisition user comparison, generate confirmation, and described confirmation is sent to described intelligent cipher key equipment;

In this step, terminal demonstration transaction key message, confirm for user, whether transaction key message and this of user's comparison terminal demonstration conclude the business consistent, if consistent, then user confirms by the mode such as button, voice, after terminal is confirmed information, again confirmation is sent to intelligent cipher key equipment, so that intelligent cipher key equipment carries out next step operation, if user does not admit the content of transaction key message, trade confirmation operation can not be carried out, or Cancelled Transaction by the mode such as button, voice, ensure transaction security.

Step S108, after described intelligent cipher key equipment receives described confirmation, ciphering signature data are sent to described terminal, wherein, described ciphering signature data are that intelligent cipher key equipment utilizes described second session key signed data to obtain, and described signed data is that described intelligent cipher key equipment is signed to described transaction data and obtained;

In this step, the private key for user in the safety chip that the key used the signature operation of transaction data is intelligent cipher key equipment, private key for user has the characteristic that can not derive, and signature operation is the known technology of this area, and idiographic flow does not repeat them here.In this step, because the second session key is only stored in intelligent cipher key equipment, terminal can not obtain the second session key, ensure and used the second session key signed data and the ciphering signature data that obtain cannot by terminal deciphering, terminal cannot distort signed data, has ensured the fail safe of transaction.

Step S109, described terminal receives described ciphering signature data, and described ciphering signature data are sent to described server;

Step S110, described server receives described ciphering signature data, utilizes described first session key to decipher described ciphering signature data, obtain described signed data, and sign test operation is carried out to described signed data, if sign test success, then described server carries out transactional operation.

In this step, to the PKI of the intelligent cipher key equipment that the key of the sign test operation use of signed data prestores for server, sign test is operating as the known technology of this area, and idiographic flow does not repeat them here.

The information interacting method that the present embodiment provides, session key transaction data and intelligent cipher key equipment is used to use session key signed data by server, ensure that transaction data and signed data can only be obtained by server and intelligent cipher key equipment, terminal only can transmit encrypting transactions data and ciphering signature data, transaction data and signed data cannot be obtained, namely cannot distort transaction data and signed data, ensure transaction security, in transaction flow, user is by the second transaction key message of terminal demonstration, judge that whether it is consistent with the first key message of concluding the business, and then judge whether to confirm transaction, and confirm that the process of transaction also only need confirm transaction in terminal, without the need to carrying out secondary-confirmation on intelligent cipher key equipment, improve the convenience of transaction flow, and transaction critical data shows in terminal, intelligent cipher key equipment is without the need to arranging display screen and acknowledgement key, improve the portability of intelligent cipher key equipment.

The present embodiment also provides a kind of information interaction system adopting above-mentioned information interacting method, this system be with the method one to one, do not repeat them here, it is as follows only to carry out brief description:

Fig. 2 illustrates the structural representation of this information interaction system, and see Fig. 2, information interaction system of the present invention, comprising: intelligent cipher key equipment 201, terminal 201 and server 203.

Described intelligent cipher key equipment 201, for operating with described server 203 key agreement that conversates, if success, then generate the second session key, the encrypting transactions data that receiving terminal 202 sends, and utilize described second session key to be decrypted operation to described encrypting transactions data, obtain described transaction data, process described transaction data and obtain the second transaction key message, and described second transaction key message is sent to described terminal 202, after receiving the confirmation of described terminal 202 transmission, ciphering signature data are sent to described terminal 202, wherein, described ciphering signature data are that intelligent cipher key equipment 201 utilizes described second session key signed data to obtain, described signed data is that described intelligent cipher key equipment 201 is signed to described transaction data and obtained,

Further, an embodiment of native system is, in native system, also comprise ecommerce backstage, and wherein, described terminal is also for being sent to described ecommerce backstage by described transaction request; Described ecommerce backstage, for receiving described transaction request, and is sent to described server 203 by described transaction request.

Further, an embodiment of native system is, described terminal 202 is also for being sent to described server 203 by described transaction request.

Described terminal 202, for generating and showing trading order form data, according to described trading order form data genaration transaction request and outgoing, described trading order form data comprise the first transaction key message, receive the encrypting transactions data that described server 203 sends, described encrypting transactions data is sent to described intelligent cipher key equipment 201, receive and show described second transaction key message, second transaction key message and described first described in acquisition user comparison is concluded the business after the consistent confirmation instruction triggered afterwards of key message, generate described confirmation, and described confirmation is sent to described intelligent cipher key equipment 201, receive described ciphering signature data, and described ciphering signature data are sent to described server 203,

Further, in native system, described terminal 202, also for receiving the transaction information that described server sends, display input password prompt information, receives password and described password is sent to described intelligent cipher key equipment 201; Described intelligent cipher key equipment 201, also for receiving described password and verifying that whether described password is correct, if correctly, then the key agreement that conversates with described server 203 operates.

Described server 203, for receiving described transaction request, and generate transaction data according to described transaction request, operate with described intelligent cipher key equipment 201 key agreement that conversates, if success, then generate the first session key, utilize described first session key transaction data, generate encrypting transactions data, described encrypting transactions data is sent to terminal 202, receive described ciphering signature data, described first session key is utilized to decipher described ciphering signature data, obtain described signed data, and sign test operation is carried out to described signed data, if sign test success, then carry out transactional operation.

Further, in native system, described intelligent cipher key equipment 201, also for, generate the first random number, and described first random number and preset algorithm identification information are sent to described terminal 202, receive described second random number and described server certificate, verify described server certificate, if by checking, then generate the 3rd random number, extract the server public key in described server certificate, and utilize described server public key according to described 3rd generating random number first enciphered message of described first preset algorithm encryption, utilize described intelligent cipher key equipment private key to carry out signature to described first random number and described second random number and obtain the first signed data, and by described intelligent cipher key equipment certificate, described first enciphered message and described first signed data are sent to described terminal 202, receive described first handshaking information, verification operation is carried out to described first handshaking information, be proved to be successful rear generation second handshaking information, described second handshaking information is sent to described terminal 202, and according to the second preset algorithm to described first random number, described second random number and described 3rd random number are carried out computing and are generated described second session key, described terminal 202, also for, receive described first random number and described first preset algorithm identification information, and described first random number and described first preset algorithm identification information are sent to described server 203, receive described second random number and described server certificate, and described second random number and described server certificate are sent to described intelligent cipher key equipment 201, receive described intelligent cipher key equipment certificate, described first enciphered message and described first signed data, and by described intelligent cipher key equipment certificate, described first enciphered message and described first signed data are sent to described server 203, receive described first handshaking information, and described first handshaking information is sent to described intelligent cipher key equipment 201, receive described second handshaking information, and described second handshaking information is sent to described server 203, described server 203, also for, receive described first random number and described first preset algorithm identification information, according to described first preset algorithm identification information judgment, whether server supports first preset algorithm corresponding with described first preset algorithm identification information, if, then described server generates the second random number, and described second random number and server certificate are sent to described terminal 202, receive described intelligent cipher key equipment certificate, described first enciphered message and described first signed data, verify described intelligent cipher key equipment certificate, if be proved to be successful, then extract the intelligent cipher key equipment PKI in described intelligent cipher key equipment certificate, described intelligent cipher key equipment PKI is utilized to carry out sign test operation to described first signed data, after sign test success, described privacy key is utilized to obtain described 3rd random number according to described first enciphered message of described first preset algorithm deciphering, generate the first handshaking information, and described first handshaking information is sent to described terminal 202, receive described second handshaking information, verification operation is carried out to described second handshaking information, after being proved to be successful, according to described second preset algorithm to described first random number, described second random number and described 3rd random number are carried out computing and are generated described first session key.

The information interaction system that the present embodiment provides, session key transaction data and intelligent cipher key equipment 201 is used to use session key signed data by server 203, ensure that transaction data and signed data can only be obtained by server 203 and intelligent cipher key equipment 201, terminal 202 only can transmit encrypting transactions data and ciphering signature data, transaction data and signed data cannot be obtained, namely cannot distort transaction data and signed data, ensure transaction security, in transaction flow, the second transaction key message that user shows by terminal 202, judge that whether it is consistent with the first key message of concluding the business, and then judge whether to confirm transaction, and confirm that the process of transaction also only need confirm transaction in terminal 202, without the need to carrying out secondary-confirmation on intelligent cipher key equipment 201, improve the convenience of transaction flow, and transaction critical data shows in terminal 202, intelligent cipher key equipment 201 is without the need to arranging display screen and acknowledgement key, improve the portability of intelligent cipher key equipment 201.

Fig. 3 illustrates the structural representation of the embodiment of this intelligent cipher key equipment.Structure shown in Fig. 3, this equipment at least comprises: the first receiver module 301, second session secret key generating module 302, security module 303, parsing module 304, first sending module 305, second receiver module 306 and the second sending module 307, wherein,

Described first receiver module 301, for receiving encrypting transactions data, is sent to described security module 303;

Described second session secret key generating module 302, for generating the second session key, is sent to described security module 303 by described second session key;

Described security module 303, for receiving described encrypting transactions data and described second session key, described second session key is utilized to decipher described encrypting transactions data, obtain transaction data, described transaction data is sent to described parsing module 304, receive described confirmation, ciphering signature data are sent to the second sending module 307, wherein, described ciphering signature data are that described security module 303 utilizes described second session key signed data to obtain, and described signed data is that described security module 303 is signed to described transaction data and obtained;

Described parsing module 304, for resolving described transaction data, obtaining the second transaction critical data and being sent to described first sending module 305;

Described first sending module 305, for receiving described second transaction critical data and outgoing;

Described second receiver module 306, is sent to described security module 303 for confirmation of receipt information;

Described second sending module 307, for receiving described ciphering signature data and outgoing.

The intelligent cipher key equipment that the present embodiment provides, the second session key enabling decryption of encrypted transaction data can be used, obtain transaction data, and transaction critical data is sent to terminal, to be concluded the business critical data by terminal demonstration, and because terminal is without the second session key, cannot enabling decryption of encrypted transaction data, cannot distort transaction data, ensure transaction security, when user uses this intelligent cipher key equipment to participate in online transaction, only need at the enterprising line operate of terminal, without the need at the enterprising line operate of intelligent cipher key equipment, improve the convenience of transaction, and this intelligent cipher key equipment is without the need to arranging keyboard and display, reduce the volume of intelligent cipher key equipment, improve the portability of equipment.

Describe and can be understood in flow chart or in this any process otherwise described or method, represent and comprise one or more for realizing the module of the code of the executable instruction of the step of specific logical function or process, fragment or part, and the scope of the preferred embodiment of the present invention comprises other realization, wherein can not according to order that is shown or that discuss, comprise according to involved function by the mode while of basic or by contrary order, carry out n-back test, this should understand by embodiments of the invention person of ordinary skill in the field.

Should be appreciated that each several part of the present invention can realize with hardware, software, firmware or their combination.In the above-described embodiment, multiple step or method can with to store in memory and the software performed by suitable instruction execution system or firmware realize.Such as, if realized with hardware, the same in another embodiment, can realize by any one in following technology well known in the art or their combination: the discrete logic with the logic gates for realizing logic function to data-signal, there is the application-specific integrated circuit (ASIC) of suitable combinational logic gate circuit, programmable gate array (PGA), field programmable gate array (FPGA) etc.

Those skilled in the art are appreciated that realizing all or part of step that above-described embodiment method carries is that the hardware that can carry out instruction relevant by program completes, described program can be stored in a kind of computer-readable recording medium, this program perform time, step comprising embodiment of the method one or a combination set of.

In addition, each functional unit in each embodiment of the present invention can be integrated in a processing module, also can be that the independent physics of unit exists, also can be integrated in a module by two or more unit.Above-mentioned integrated module both can adopt the form of hardware to realize, and the form of software function module also can be adopted to realize.If described integrated module using the form of software function module realize and as independently production marketing or use time, also can be stored in a computer read/write memory medium.

The above-mentioned storage medium mentioned can be read-only memory, disk or CD etc.

In the description of this specification, specific features, structure, material or feature that the description of reference term " embodiment ", " some embodiments ", " example ", " concrete example " or " some examples " etc. means to describe in conjunction with this embodiment or example are contained at least one embodiment of the present invention or example.In this manual, identical embodiment or example are not necessarily referred to the schematic representation of above-mentioned term.And the specific features of description, structure, material or feature can combine in an appropriate manner in any one or more embodiment or example.

Although illustrate and describe embodiments of the invention above, be understandable that, above-described embodiment is exemplary, can not be interpreted as limitation of the present invention, those of ordinary skill in the art can change above-described embodiment within the scope of the invention when not departing from principle of the present invention and aim, revising, replacing and modification.Scope of the present invention is by claims and equivalency thereof.

Claims (11)

1. an information interacting method, is characterized in that:

Terminal generates and shows trading order form data, and according to described trading order form data genaration transaction request and outgoing, described trading order form data comprise the first transaction key message;

Server receives described transaction request, and generates transaction data according to described transaction request;

Described server and the intelligent cipher key equipment key agreement that conversates operates, if success, then generate the first session key, described intelligent cipher key equipment generates the second session key, and described first session key and described second session key are double secret key;

Transaction data described in first session key described in described server by utilizing, generates encrypting transactions data, described encrypting transactions data is sent to described terminal;

Described terminal receives described encrypting transactions data, and described encrypting transactions data is sent to described intelligent cipher key equipment;

Described intelligent cipher key equipment receives described encrypting transactions data, and utilize described second session key to be decrypted operation to described encrypting transactions data, obtain described transaction data, process described transaction data and obtain the second transaction key message, and described transaction key message is sent to described terminal;

Described terminal receives and shows described second transaction key message, second transaction key message and described first described in acquisition user comparison is concluded the business after the consistent confirmation instruction triggered afterwards of key message, generate confirmation, and described confirmation is sent to described intelligent cipher key equipment;

After described intelligent cipher key equipment receives described confirmation, ciphering signature data are sent to described terminal, wherein, described ciphering signature data are that intelligent cipher key equipment utilizes described second session key signed data to obtain, and described signed data is that described intelligent cipher key equipment is signed to described transaction data and obtained;

Described terminal receives described ciphering signature data, and described ciphering signature data are sent to described server;

Described server receives described ciphering signature data, utilizes described first session key to decipher described ciphering signature data, obtains described signed data, and carry out sign test operation to described signed data, if sign test success, then described server carries out transactional operation.

2. method according to claim 1, is characterized in that, receives described transaction request at described server, and after generating transaction data according to described transaction request, and described server and intelligent cipher key equipment conversate before key agreement operates, and also comprise:

Described terminal receives the transaction information that described server sends, and display input password prompt information, receives password and described password is sent to described intelligent cipher key equipment;

Described intelligent cipher key equipment receives described password and verifies that described password is whether correct, if correctly, then described intelligent cipher key equipment and the described server key agreement that conversates operates.

3. method according to claim 1, is characterized in that, described terminal is according to described trading order form data genaration transaction request and outgoing, and described server receives described transaction request, comprising:

Described transaction request is sent to ecommerce backstage by described terminal;

Described ecommerce backstage receives described transaction request, and described transaction request is sent to described server;

Described server receives described transaction request.

4. method according to claim 1, is characterized in that, described terminal is according to described trading order form data genaration transaction request and outgoing, and described server receives described transaction request, comprising:

Described transaction request is sent to described server by described terminal;

Described server receives described transaction request.

5. the method according to any one of Claims 1-4, is characterized in that, described server and the intelligent cipher key equipment key agreement that conversates operates, and comprising:

Described intelligent cipher key equipment generates the first random number, and described first random number and preset algorithm identification information are sent to described terminal;

Described terminal receives described first random number and described first preset algorithm identification information, and described first random number and described first preset algorithm identification information are sent to described server;

Described server receives described first random number and described first preset algorithm identification information, according to described first preset algorithm identification information judgment, whether server supports first preset algorithm corresponding with described first preset algorithm identification information, if, then described server generates the second random number, and described second random number and server certificate are sent to described terminal;

Described terminal receives described second random number and described server certificate, and described second random number and described server certificate are sent to described intelligent cipher key equipment;

Described intelligent cipher key equipment receives described second random number and described server certificate, verify described server certificate, if by checking, then generate the 3rd random number, extract the server public key in described server certificate, and utilize described server public key according to described 3rd generating random number first enciphered message of described first preset algorithm encryption, utilize described intelligent cipher key equipment private key to carry out signature to described first random number and described second random number and obtain the first signed data, and by described intelligent cipher key equipment certificate, described first enciphered message and described first signed data are sent to described terminal,

Described terminal receives described intelligent cipher key equipment certificate, described first enciphered message and described first signed data, and described intelligent cipher key equipment certificate, described first enciphered message and described first signed data are sent to described server;

Described server receives described intelligent cipher key equipment certificate, described first enciphered message and described first signed data, verify described intelligent cipher key equipment certificate, if be proved to be successful, then extract the intelligent cipher key equipment PKI in described intelligent cipher key equipment certificate, described intelligent cipher key equipment PKI is utilized to carry out sign test operation to described first signed data, after sign test success, described privacy key is utilized to obtain described 3rd random number according to described first enciphered message of described first preset algorithm deciphering, generate the first handshaking information, and described first handshaking information is sent to described terminal,

Described terminal receives described first handshaking information, and described first handshaking information is sent to described intelligent cipher key equipment;

Described intelligent cipher key equipment receives described first handshaking information, verification operation is carried out to described first handshaking information, be proved to be successful rear generation second handshaking information, described second handshaking information is sent to described terminal, and according to the second preset algorithm, computing is carried out to described first random number, described second random number and described 3rd random number and generate described second session key;

Described terminal receives described second handshaking information, and described second handshaking information is sent to described server;

Described server receives described second handshaking information, verification operation is carried out to described second handshaking information, after being proved to be successful, according to described second preset algorithm, computing being carried out to described first random number, described second random number and described 3rd random number and generate described first session key.

6. an information interaction system, is characterized in that, comprises intelligent cipher key equipment, terminal and server,

Described intelligent cipher key equipment, for operating with the described server key agreement that conversates, if success, then generate the second session key, the encrypting transactions data that receiving terminal sends, and utilize described second session key to be decrypted operation to described encrypting transactions data, obtain described transaction data, process described transaction data and obtain the second transaction key message, and described second transaction key message is sent to described terminal, after receiving the confirmation of described terminal transmission, ciphering signature data are sent to described terminal, wherein, described ciphering signature data are that intelligent cipher key equipment utilizes described second session key signed data to obtain, described signed data is that described intelligent cipher key equipment is signed to described transaction data and obtained,

Described terminal, for generating and showing trading order form data, according to described trading order form data genaration transaction request and outgoing, described trading order form data comprise the first transaction key message, receive the encrypting transactions data that described server sends, described encrypting transactions data is sent to described intelligent cipher key equipment, receive and show described second transaction key message, second transaction key message and described first described in acquisition user comparison is concluded the business after the consistent confirmation instruction triggered afterwards of key message, generate described confirmation, and described confirmation is sent to described intelligent cipher key equipment, receive described ciphering signature data, and described ciphering signature data are sent to described server,

Described server, for receiving described transaction request, and generate transaction data according to described transaction request, operate with the described intelligent cipher key equipment key agreement that conversates, if success, then generate the first session key, utilize described first session key transaction data, generate encrypting transactions data, described encrypting transactions data is sent to terminal, receive described ciphering signature data, described first session key is utilized to decipher described ciphering signature data, obtain described signed data, and sign test operation is carried out to described signed data, if sign test success, then carry out transactional operation.

7. system according to claim 5, is characterized in that,

Described terminal, also for receiving the transaction information that described server sends, display input password prompt information, receives password and described password is sent to described intelligent cipher key equipment;

Described intelligent cipher key equipment, also for receiving described password and verifying that whether described password is correct, if correctly, then the key agreement that conversates with described server operates.

8. system according to claim 6, is characterized in that, also comprises ecommerce backstage,

Described terminal, also for described transaction request is sent to described ecommerce backstage;

Described ecommerce backstage, for receiving described transaction request, and is sent to described server by described transaction request;

Described server, also for receiving described transaction request.

9. system according to claim 6, is characterized in that,

Described terminal, also for described transaction request is sent to described server;

Described server, also for receiving described transaction request.

10., according to the system described in claim 6 to 9, it is characterized in that,

Described intelligent cipher key equipment, also for, generate the first random number, and described first random number and preset algorithm identification information are sent to described terminal, receive described second random number and described server certificate, verify described server certificate, if by checking, then generate the 3rd random number, extract the server public key in described server certificate, and utilize described server public key according to described 3rd generating random number first enciphered message of described first preset algorithm encryption, utilize described intelligent cipher key equipment private key to carry out signature to described first random number and described second random number and obtain the first signed data, and by described intelligent cipher key equipment certificate, described first enciphered message and described first signed data are sent to described terminal, receive described first handshaking information, verification operation is carried out to described first handshaking information, be proved to be successful rear generation second handshaking information, described second handshaking information is sent to described terminal, and according to the second preset algorithm to described first random number, described second random number and described 3rd random number are carried out computing and are generated described second session key,

Described terminal, also for, receive described first random number and described first preset algorithm identification information, and described first random number and described first preset algorithm identification information are sent to described server, receive described second random number and described server certificate, and described second random number and described server certificate are sent to described intelligent cipher key equipment, receive described intelligent cipher key equipment certificate, described first enciphered message and described first signed data, and by described intelligent cipher key equipment certificate, described first enciphered message and described first signed data are sent to described server, receive described first handshaking information, and described first handshaking information is sent to described intelligent cipher key equipment, receive described second handshaking information, and described second handshaking information is sent to described server,

Described server, also for, receive described first random number and described first preset algorithm identification information, according to described first preset algorithm identification information judgment, whether server supports first preset algorithm corresponding with described first preset algorithm identification information, if, then described server generates the second random number, and described second random number and server certificate are sent to described terminal, receive described intelligent cipher key equipment certificate, described first enciphered message and described first signed data, verify described intelligent cipher key equipment certificate, if be proved to be successful, then extract the intelligent cipher key equipment PKI in described intelligent cipher key equipment certificate, described intelligent cipher key equipment PKI is utilized to carry out sign test operation to described first signed data, after sign test success, described privacy key is utilized to obtain described 3rd random number according to described first enciphered message of described first preset algorithm deciphering, generate the first handshaking information, and described first handshaking information is sent to described terminal, receive described second handshaking information, verification operation is carried out to described second handshaking information, after being proved to be successful, according to described second preset algorithm to described first random number, described second random number and described 3rd random number are carried out computing and are generated described first session key.

11. 1 kinds of intelligent cipher key equipments, is characterized in that, this equipment at least comprises the second session secret key generating module, the first receiver module, parsing module, the first sending module, the second sending module, the second receiver module and security module, wherein,

Described first receiver module, for receiving encrypting transactions data, is sent to described security module;

Described second session secret key generating module, for generating the second session key, is sent to described security module by described second session key;

Described security module, for receiving described encrypting transactions data and described second session key, described second session key is utilized to decipher described encrypting transactions data, obtain transaction data, described transaction data is sent to described parsing module, receive described confirmation, ciphering signature data are sent to the second sending module, wherein, described ciphering signature data are that described security module utilizes described second session key signed data to obtain, and described signed data is that described security module is signed to described transaction data and obtained;

Described parsing module, for resolving described transaction data, obtaining the second transaction critical data and being sent to described first sending module;

Described first sending module, for receiving described second transaction critical data and outgoing;

Described second receiver module, is sent to described security module for confirmation of receipt information;

Described second sending module, for receiving described ciphering signature data and outgoing.